Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: After cross_fuzz leak: More Internet Explorer Vulnerabilities reported SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
After cross_fuzz leak: More Internet Explorer Vulnerabilities reported

Earlier this week, Michal Zalewski of Google released cross_fuzz [1], a tool so far used internally at Google to identify browser bugs. While the tool is not specific to a particular browser, Google had a lot of success using it against Internet Explorer. It is no surprise that with the release of the tool, we see the release of new vulnerabilities. For example, today a "Circular Memory References Use-after-free" issue was uncovered in Internet Explorer [2]

 

[1] http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
[2] http://www.vupen.com/english/advisories/2011/0026

 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3699 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!